Enterprise: Direct Branch Multi-Cloud Connectivity


Geographically distributed enterprises with many branch office locations and multi-cloud instances typically backhaul cloud-destined traffic to the data center at headquarters or to a regional hub site for advanced security inspection. The aggregated traffic is then directed to cloud Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) providers using a private high-speed link on the backend such as Microsoft Azure ExpressRoute and Amazon AWS Direct Connect for IaaS services and MPLS or business-grade broadband for SaaS, as shown in figure 1.

Figure 1

So what is multi-cloud and why is it relevant? Cloud native development and operations workflows are enabling enterprises to adopt a multi-cloud strategy. Cloud native development enables organizations to build a portable software stack that is DevOps driven, free from vendor lock-in and capable of delivering a superior set of capabilities from a single cloud. This allows enterprises to evaluate and select the cloud services that have optimal workflows for certain applications. Often development teams don’t want central IT to tell them to use any database as long as it is Oracle, application teams don’t want to deploy in an environment that is ill-suited to the task at hand.

Increasingly, enterprises are adopting multi-cloud strategies to leverage multiple cloud platforms to support a range of SaaS and corporate workloads, each with varying software application requirements. A multi-cloud strategy can be implemented with a mix of public, private, hybrid and SaaS clouds to support the specific objectives of an enterprise.

These objectives can range from reducing IT spend on IT infrastructure, to improving the on-board and delivery of applications to enterprise users, to improving the end user experience or shifting from capex to opex budgets.

Perhaps the most attractive benefit of a multi-cloud strategy for some enterprises is the ability to avoid vendor lock-in. A multi-cloud strategy provides the enterprise with an advantage, rather than the cloud provider, providing IT organizations with the flexibility to use a combination of cloud (IaaS or SaaS) providers to meet specific workload requirements.


Backhauling cloud-destined traffic to the data center increases latency and degrades application performance, resulting in a poor quality of experience for users. Backhauling also increases the cost of procuring and managing dedicated high-speed MPLS or Ethernet transport connections for traffic that could be sent directly from branch office sites to IaaS and SaaS providers over the internet. As enterprises migrate more workloads to public cloud infrastructure, and also leverage more SaaS, they have to address the complexities associated with managing multi-cloud connectivity requirements for IaaS, SaaS and private cloud-hosted applications. To summarize, key enterprise challenges include:

  • Resolving poor end user quality of experience and impaired application performance resulting from increased latency due to backhauling application traffic to a data center for security inspection
  • Added costs from relying on expensive, dedicated high bandwidth private MPLS circuits from data centers to virtual private clouds to support application traffic and the transfer of large files between on-premise data centers and IaaS providers
  • Increased risk from managing and optimizing the use of multiple cloud providers. If one web service host fails, a business can continue to operate with other platforms in a multi-cloud environment versus storing all data in one place.
  • Exposuring the organization to potential security threats by leveraging the internet itself, policing for personal applications (e.g. Facebook, Instagram, Netflix) and any unsanctioned “Shadow IT” cloud environments.


The Silver Peak Unity EdgeConnect™ SD-WAN edge platform addresses the challenges associated with backhauling cloud-destined traffic to the data center, thereby reducing the cost of bandwidth connectivity from the data center to cloud providers, as shown in figure 2, in the following ways:

Figure 2
  • EdgeConnect virtual instances can be easily deployed within all of four of the major public cloud providers, Amazon AWS, Google Cloud, Microsoft Azure and Oracle Cloud Infrastructure, via their respective marketplaces.
  • EdgeConnect First-packet iQ™ application classification technology identifies applications on the first packet to enable granular traffic steering and secure local internet breakout of authorized (whitelisted) SaaS application traffic from the branch. Directly sending SaaS traffic from the branch sites to the SaaS provider avoids backhaul to the data center, delivering the highest quality of experience to application users. This also eliminates the potential for wasted bandwidth, increased latency and performance bottlenecks for trusted SaaS and web traffic. Non-whitelisted cloud traffic can be automatically directed to more robust security services in the cloud or back at headquarters in accordance with corporate security policies.
  • Centralized orchestration of any IaaS and SaaS connectivity policies and services via Unity Orchestrator™, simplifies secure connectivity and configuration policies to cloud providers. From a single pane-of-glass, IT can manage on-going operations of EdgeConnect network functions. Centralized orchestration ensures that consistent policies are enforced across the enterprise.
  • EdgeConnect includes optional unified WAN optimization software, Unity Boost™, that accelerates applications and compresses data sets. Boost mitigates latency by accelerating TCP and other protocols thus improving application response time a cross the WAN. Furthermore, deploying EdgeConnect with Boost in IaaS improves the performance for replication and back up applications by overcoming distance limitations and poor network quality issues. Data reduction techniques can be applied to all inbound and outbound WAN traffic in real-time, storing a single local instance of data on each EdgeConnect appliance.

Secure, direct branch-multi-cloud connectivity is available today with the Silver Peak EdgeConnect SD-WAN edge platform, enabling organizations to securely connect users directly from branch offices to cloud-based services driving a better user experience and cost savings for the business.